Re: extended attributes

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Fri, Jun 10, 2011 at 07:56:42PM +0200, Emmanuel Dreyfus wrote:
> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> 
> > I don't really understand.  Modifying the attribute backing stores is
> > subject to the same constraints as any other metadata write -- isn't it?
> 
> The point is that you rarely modify the files needed for booting to
> single user mode, and therefore they are not likely to have any problem.
> On the other hand, adding an attributes grows the attribute backing
> store, so I immagine it is much more sensible to corruption.

This doesn't make sense to me.  Why would one modify the other metadata
needed for booting to single user more any more or less than the relevant
attributes?

If what you're saying is that the attribute store writes are not treated
with the same integrity guarantees as other metadata writes, and, worse,
that the datastructures they're stored in are not designed to be robust
against corruption at least such that the system does not crash if it
encounters, let's say, a truncated attribute store -- that sounds to me
like such a severe design and implementation bug that this feature should
be removed from the source tree.

Is FreeBSD's FFSv2 attribute code similarly fragile?  A lot of people
seem to be using it.  Maybe it would be a better path forward for us.

Thor